Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack

GHSA-3vhr-f5xr-8vpx · CVE-2015-7537

Published May 13, 2022 · Modified Mar 13, 2025

Description

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-7537
WEB https://github.com/jenkinsci/jenkins/commit/40a28999e221a209212c30586be9c39049510bd1
WEB https://access.redhat.com/errata/RHSA-2016:0070
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
WEB http://rhn.redhat.com/errata/RHSA-2016-0489.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes